[Gllug] Some network queries

Stephen Harker steve at pauken.co.uk
Mon Oct 15 14:11:58 UTC 2001


On Monday 15 October 2001 13:17, you wrote:
> On Monday, October 15, 2001, at 09:56 AM, tet at accucard.com wrote:
> >> Yes always have a non root user for remote connections via SSH you
> >> should not connect remotely to a machine as root.
> >
> > True, but it doesn't have to be a local user (which is what the original
> > question asked).
> >
> >> Also unless there is a very good reason for the users to have a shell
> >> account on the server change their shell to /bin/true which will
> >> allow them ftp only accounts.
> >
> > If you've set up your box for SSH, why leave FTP enabled? Kind of
> > defeats the point somewhat.
>
> You are right but most of our users and clients need and have ftp to
> upload files yes I know SSH is better but it doesn't have any graphical
> clients for  Mac and our designers and clients are not command line
> competent.  One day someone, maybe ourselves will write a graphical mac
> SSH client.
>
> We use a chrooted ftp server and use SSH for production servers and admin,
>   ie only Tech can update a production server. not the most secure solution
> I know but even if we trained our own staff we would still have clients
> insisting we rewrite the laws of computing for their convenience.  The
> best we can do is give them what they want get them to sign a disclaimer
> and hopefully understand the danger of their actions and then work in the
> background to minimise the damage. :-|
>
> If you don't want your clients not to have even ftp access change to  /bin/
> false in /etc/passwd.  I also answered the question before my first coffee.
>
>   :)
>
> Peace Jim
>
> Eugene Polzik and his co-workers at the University of Aarhus in Denmark
> have entangled about a million million caesium atoms. Four was the
> previous record.
> --http://www.nature.com/nsu/010927/010927-11.html

Hi there.
There is a graphical ssh client available at 
http://www.lysator.liu.se/~jonasw/freeware/niftyssh/

but as far as I know it doesn't do sftp so it may be of no use to you at all 
:-)
Steve

Stephen Harker
steve at pauken.co.uk

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list